Thursday, June 28, 2012
By: David L.
As Cyber Security professionals, we are constantly informing people about the dangers of a lack of good cyber security.
Today, I’m writing a bit of information on how to recover from a cyber incident, whether a hacking or a virus incident.
When someone discovers that they’ve been hacked, often the first feeling is one of violation. Potentially private information has been stolen, and the victim may have no idea where to turn. Even a plain virus incident can generate feelings of lost trust and the potential loss of hard work.
Hopefully the victim has a phone number for a cyber security professional close at hand (of course, feel free to contact us at Thunderpaw if you don’t already have a cyber security professional lined up). That should be your initial point of contact.
Once we get that initial contact, often one of the very first things we ask victims to do if we suspect a breach is to start changing passwords. We usually start by assuming a full-blown, 100% compromise, and work to narrow the focus given clues and other information. But it is very important to share as much information with your cyber security response team as you can.
While we want to hear about an incident as quickly as possible, don’t do anything rash, and don’t be surprised if your cyber security incident response company doesn’t do much more immediately than have you change passwords. Why is this? Often, over-reaction causes more damage than the initial incident! (1)
In the case of an obvious virus incident, we may advise shutting down the affected system or temporarily removing it from the Net. This helps reduce the possible spread.
Of course, the response will be determined by the incident. We have seen serious cyber security incidents that started off as minimal reports, as well as false alarms that seemed very serious at first glance.
After the cyber security event, whether virus or hacking, how does the victim recover?
Often, the victim computer will need to be rebuilt, sometimes from scratch. It is actually a good time to consider upgraded systems.
Be sure to obtain and have handy ALL original software disks and licenses – you do have them all safely stored, correct? If not, NOW is the time to do so. This includes the operating system and all applications you use to do business.
Be sure to have handy the tech support contacts for any hardware involved: computers, printers, etc.
If you are hiring an IT professional to rebuild your systems, they will need all that information in order to make the process as smooth as possible. Expect there to be some hiccups, and expect the recovery period to take longer than expected.
Once the victim has recovered from the cyber attack, it is important to examine why the breach happened in the first place, and take preventive measures.
In many cases, changing habits is the most difficult part.
Cyber Security Professional
1 – Verizon Cyber Security Breach Report – 2012